UbuntuUpdates.org

Package "linux-lowlatency-hwe-5.19-cloud-tools-common"

Name: linux-lowlatency-hwe-5.19-cloud-tools-common

Description:

Linux kernel version specific cloud tools for version 5.19.0

Latest version: 5.19.0-1030.30
Release: jammy (22.04)
Level: security
Repository: main
Head package: linux-lowlatency-hwe-5.19

Links


Download "linux-lowlatency-hwe-5.19-cloud-tools-common"


Other versions of "linux-lowlatency-hwe-5.19-cloud-tools-common" in Jammy

Repository Area Version
updates main 5.19.0-1030.30
PPA: Canonical Kernel Team 5.19.0-1027.28~22.04.1

Changelog

Version: 5.19.0-1030.30 2023-07-24 22:07:32 UTC

  linux-lowlatency-hwe-5.19 (5.19.0-1030.30) jammy; urgency=medium

  * jammy/linux-lowlatency-hwe-5.19: 5.19.0-1030.30 -proposed tracker
    (LP: #2026452)

  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

  [ Ubuntu: 5.19.0-50.50 ]

  * jammy/linux-hwe-5.19: 5.19.0-50.50 -proposed tracker (LP: #2026456)
  * CVE-2023-2640 // CVE-2023-32629
    - Revert "UBUNTU: SAUCE: overlayfs: handle idmapped mounts in
      ovl_do_(set|remove)xattr"
    - Revert "UBUNTU: SAUCE: overlayfs: Skip permission checking for
      trusted.overlayfs.* xattrs"
    - SAUCE: overlayfs: default to userxattr when mounted from non initial user
      namespace
  * CVE-2023-35001
    - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
  * CVE-2023-31248
    - netfilter: nf_tables: do not ignore genmask when looking up chain by id
  * CVE-2023-3389
    - io_uring: hold uring mutex around poll removal
  * CVE-2023-3390
    - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
  * CVE-2023-3141
    - memstick: r592: Fix UAF bug in r592_remove due to race condition
  * CVE-2023-3090
    - ipvlan:Fix out-of-bounds caused by unclear skb->cb
  * CVE-2022-48502
    - fs/ntfs3: Check fields while reading
  * Packaging resync (LP: #1786013)
    - [Packaging] update update.conf

 -- Stefan Bader <email address hidden> Thu, 13 Jul 2023 11:01:04 +0200

Source diff to previous version
1786013 Packaging resync
CVE-2023-35001 Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or
CVE-2023-31248 Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active a
CVE-2023-3141 A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker
CVE-2022-48502 An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an

Version: 5.19.0-1028.29~22.04.1 2023-06-28 22:07:50 UTC

  linux-lowlatency-hwe-5.19 (5.19.0-1028.29~22.04.1) jammy; urgency=medium

  * jammy/linux-lowlatency-hwe-5.19: 5.19.0-1028.29~22.04.1 -proposed tracker
    (LP: #2024035)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync update-dkms-versions helper

  [ Ubuntu: 5.19.0-1028.29 ]

  * kinetic/linux-lowlatency: 5.19.0-1028.29 -proposed tracker (LP: #2024036)
  * kinetic/linux: 5.19.0-46.47 -proposed tracker (LP: #2024043)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log
    - [Packaging] resync getabis
  * CVE-2023-2430
    - io_uring/msg_ring: fix missing lock on overflow for IOPOLL
  * cls_flower: off-by-one in fl_set_geneve_opt (LP: #2023577)
    - net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
  * Some INVLPG implementations can leave Global translations unflushed when
    PCIDs are enabled (LP: #2023220)
    - x86/mm: Avoid incomplete Global INVLPG flushes

 -- Stefan Bader <email address hidden> Wed, 21 Jun 2023 11:27:31 +0200

Source diff to previous version
1786013 Packaging resync
2023577 cls_flower: off-by-one in fl_set_geneve_opt
CVE-2023-2430 io_uring/msg_ring: fix missing lock on overflow for IOPOLL

Version: 5.19.0-1027.28~22.04.1 2023-06-16 09:07:41 UTC

  linux-lowlatency-hwe-5.19 (5.19.0-1027.28~22.04.1) jammy; urgency=medium

  * jammy/linux-lowlatency-hwe-5.19: 5.19.0-1027.28~22.04.1 -proposed tracker
    (LP: #2023052)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

  [ Ubuntu: 5.19.0-1027.28 ]

  * kinetic/linux-lowlatency: 5.19.0-1027.28 -proposed tracker (LP: #2023053)
  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis
  * kinetic/linux: 5.19.0-45.46 -proposed tracker (LP: #2023057)
  * Kinetic update: upstream stable patchset 2023-05-23 (LP: #2020599)
    - wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext"

Source diff to previous version
1786013 Packaging resync
2020599 Kinetic update: upstream stable patchset 2023-05-23

Version: 5.19.0-1025.26~22.04.1 2023-05-31 09:25:44 UTC

  linux-lowlatency-hwe-5.19 (5.19.0-1025.26~22.04.1) jammy; urgency=medium

  * jammy/linux-lowlatency-hwe-5.19: 5.19.0-1025.26~22.04.1 -proposed tracker
    (LP: #2019598)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync getabis

  [ Ubuntu: 5.19.0-1025.26 ]

  * kinetic/linux-lowlatency: 5.19.0-1025.26 -proposed tracker (LP: #2019599)
  * kinetic/linux: 5.19.0-43.44 -proposed tracker (LP: #2019606)
  * CVE-2023-32233
    - netfilter: nf_tables: deactivate anonymous set from preparation phase
  * CVE-2023-2612
    - SAUCE: shiftfs: prevent lock unbalance in shiftfs_create_object()
  * CVE-2023-31436
    - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
  * CVE-2023-1380
    - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
  * CVE-2023-30456
    - KVM: nVMX: add missing consistency checks for CR0 and CR4
  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

 -- Stefan Bader <email address hidden> Tue, 23 May 2023 15:37:34 +0200

Source diff to previous version
1786013 Packaging resync
CVE-2023-32233 In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and
CVE-2023-2612 Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ub ...
CVE-2023-31436 qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
CVE-2023-1380 A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel.
CVE-2023-30456 An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.

Version: 5.19.0-1024.25~22.04.1 2023-05-16 13:14:33 UTC

  linux-lowlatency-hwe-5.19 (5.19.0-1024.25~22.04.1) jammy; urgency=medium

  * jammy/linux-lowlatency-hwe-5.19: 5.19.0-1024.25~22.04.1 -proposed tracker
    (LP: #2016493)

  [ Ubuntu: 5.19.0-1024.25 ]

  * kinetic/linux-lowlatency: 5.19.0-1024.25 -proposed tracker (LP: #2016494)
  * kinetic/linux: 5.19.0-42.43 -proposed tracker (LP: #2016503)
  * selftest: fib_tests: Always cleanup before exit (LP: #2015956)
    - selftest: fib_tests: Always cleanup before exit
  * Debian autoreconstruct Fix restoration of execute permissions (LP: #2015498)
    - [Debian] autoreconstruct - fix restoration of execute permissions
  * Kinetic update: upstream stable patchset 2023-04-10 (LP: #2015812)
    - drm/etnaviv: don't truncate physical page address
    - wifi: rtl8xxxu: gen2: Turn on the rate control
    - drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink
    - clk: mxl: Switch from direct readl/writel based IO to regmap based IO
    - clk: mxl: Remove redundant spinlocks
    - clk: mxl: Add option to override gate clks
    - clk: mxl: Fix a clk entry by adding relevant flags
    - powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G
    - clk: mxl: syscon_node_to_regmap() returns error pointers
    - random: always mix cycle counter in add_latent_entropy()
    - KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception
    - KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid
    - can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len
    - powerpc: dts: t208x: Disable 10G on MAC1 and MAC2
    - powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned
    - powerpc/64s/radix: Fix RWX mapping with relocated kernel
    - uaccess: Add speculation barrier to copy_from_user()
    - wifi: mwifiex: Add missing compatible string for SD8787
    - audit: update the mailing list in MAINTAINERS
    - ext4: Fix function prototype mismatch for ext4_feat_ktype
    - Revert "net/sched: taprio: make qdisc_leaf() see the per-netdev-queue pfifo
      child qdiscs"
    - bpf: add missing header file include
    - wifi: ath11k: fix warning in dma_free_coherent() of memory chunks while
      recovery
    - sched/psi: Stop relying on timer_pending() for poll_work rescheduling
    - docs: perf: Fix PMU instance name of hisi-pcie-pmu
    - randstruct: disable Clang 15 support
    - ionic: refactor use of ionic_rx_fill()
    - Fix XFRM-I support for nested ESP tunnels
    - arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc
    - ARM: dts: rockchip: add power-domains property to dp node on rk3288
    - HID: elecom: add support for TrackBall 056E:011C
    - ACPI: NFIT: fix a potential deadlock during NFIT teardown
    - btrfs: send: limit number of clones and allocated memory size
    - ASoC: rt715-sdca: fix clock stop prepare timeout issue
    - IB/hfi1: Assign npages earlier
    - neigh: make sure used and confirmed times are valid
    - HID: core: Fix deadloop in hid_apply_multiplier.
    - x86/cpu: Add Lunar Lake M
    - bpf: bpf_fib_lookup should not return neigh in NUD_FAILED state
    - net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues().
    - vc_screen: don't clobber return value in vcs_read
    - scripts/tags.sh: fix incompatibility with PCRE2
    - usb: dwc3: pci: add support for the Intel Meteor Lake-M
    - USB: serial: option: add support for VW/Skoda "Carstick LTE"
    - usb: gadget: u_serial: Add null pointer check in gserial_resume
    - USB: core: Don't hold device lock while reading the "descriptors" sysfs file
  * Kinetic update: upstream stable patchset 2023-04-06 (LP: #2015511)
    - ARM: dts: imx: Fix pca9547 i2c-mux node name
    - ARM: dts: vf610: Fix pca9548 i2c-mux node names
    - arm64: dts: freescale: Fix pca954x i2c-mux node names
    - arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI
    - firmware: arm_scmi: Clear stale xfer->hdr.status
    - bpf: Skip task with pid=1 in send_signal_common()
    - erofs/zmap.c: Fix incorrect offset calculation
    - blk-cgroup: fix missing pd_online_fn() while activating policy
    - HID: playstation: sanity check DualSense calibration data.
    - dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init
    - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint()
    - extcon: usbc-tusb320: fix kernel-doc warning
    - net: fix NULL pointer in skb_segment_list
    - net: mctp: purge receive queues on sk destruction
    - firewire: fix memory leak for payload of request subaction to IEC 61883-1
      FCP region
    - bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
    - ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device after use
    - ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use
    - ASoC: Intel: bytcr_rt5640: Drop reference count of ACPI device after use
    - ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use
    - bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers
    - ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
    - bpf: Fix to preserve reg parent/live fields when copying range info
    - bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener
    - arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX
    - drm/vc4: hdmi: make CEC adapter name unique
    - scsi: Revert "scsi: core: map PQ=1, PDT=other values to
      SCSI_SCAN_TARGET_PRESENT"
    - vhost/net: Clear the pending messages when the backend is removed
    - WRITE is "data source", not destination...
    - READ is "data destination", not source...
    - fix iov_iter_bvec() "direction" argument
    - fix "direction" argument of iov_iter_kvec()
    - ice: Prevent set_channel from changing queues while RDMA active
    - qede: execute xdp_do_flush() before napi_complete_done()
    - virtio-net: execute xdp_do_flush() before napi_complete_done()
    - dpaa_eth: execute xdp_do_flush() before napi_complete_done()
    - dpaa2-eth: execut

2015498 Debian autoreconstruct Fix restoration of execute permissions
2015812 Kinetic update: upstream stable patchset 2023-04-10
2015511 Kinetic update: upstream stable patchset 2023-04-06
1988346 cm32181 module error blocking suspend
2013088 kernel: fix __clear_user() inline assembly constraints
2013209 expoline.o is packaged unconditionally for s390x
2006453 Fix selftests/ftracetests/Meta-selftests in Focal
2009136 No HDMI audio under 5.19.0-35 \u0026 -37 (regression from -32)
2004262 Intel E810 NICs driver in causing hangs when booting and bonds configured
2015288 Kinetic update: upstream stable patchset 2023-04-04
1937133 devlink_port_split from ubuntu_kernel_selftests.net fails on hirsute (KeyError: 'flavour')
2011616 Connection timeout due to conntrack limits
2012977 Kinetic update: upstream stable patchset 2023-03-27
2012438 Kinetic update: upstream stable patchset 2023-03-21
2012307 Kinetic update: upstream stable patchset 2023-03-20
2009546 Kinetic update: upstream stable patchset 2023-03-06
CVE-2023-1075 A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the
CVE-2022-36280 An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel
CVE-2023-1118 A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user



About   -   Send Feedback to @ubuntu_updates